Few days ago, an unnamed computer worm forced Microsoft to temporarily suspend active links in its Live Messenger 2009 to prevent the aggressive worm spreading. Instant messaging is a very effective way for malware to stay active and thrive. And as time progresses, cybercriminals are refining their techniques to lure potential victims to visit malicious hyperlinks.
“This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all. For example, the AimVen worm was discovered in 2003 and was targeting the America Online Instant Messenger platform,” comments ESET’s Senior Researcher Pierre-Marc Bureau, who was just named "Best Newcomer in the Antivirus industry" at the Virus Bulletin Conference 2010 in Vancouver, Canada.
“The modus operandi for this type of attack is simple,” explains Bureau. “First the victim receives a message that contains a hyperlink from one of their contacts, clicks on it and gets infected.” The worm can also use geo-localization in order to use the victim's language and even relate to news or events trending in the victim's country. These advanced techniques may trick even the most cautious users..
ESET has compiled seven golden security rules while instant messaging:
1. Opening pictures, downloading files or clicking links should be avoided at all cost in case it comes from someone you do not know. Do not open suspicious files or links even if they come for someone you know; try to confirm with the person on the origin of the attachment.
2. Do not reply to messages from people you don’t know if you were not expecting them. If someone you do not recognize sends you a request to add him/her to your contacts, decline the request if not sure about the indetity of the contact.
3. Unwanted messages ought to be blocked - blocking spam or messages from strangers might be easier than you think – most IM software allows you to create your own contact list.
4. Do not post sensitive information and private data in instant messages, especially refrain from sharing credit card numbers, banking details, paswords or important personal identification data like phone number or addresses. You should also avoid sharing information about your IM name or e-mail contact over the Intertnet.
5. Your Instant Messaging should also have a strong password as any other account. Always use different passwords for different accounts and other online services (such as online banking, e-mail). Do not recycle your password. If you log in on public or shared computer, make sure to uncheck the automatic login feature.
6. Avoid meeting strangers that you have met online while instant messaging. If you decide to meet someone in real person anyway, take safety precautions – bring someone along with you.
7. Turn off your Web camera if you are not using it, as some malware allows criminals and strangers to spy on you through your own webcam. If you have an integrated camera, always check the control light that it is off when you are not using it.
About ESET
Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
ESET has global headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic; Singapore and an extensive partner network in more than 180 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.